This ransomware strain just started targeting many more businesses

This ransomware strain just started targeting many more businesses

The relatively new Pysa ransomware was the mainstay behind file encryption attacks in November and saw a 400% increase in attacks on government agencies, according to a study by security firm NCC Group.

Pysa is one of the ransomware groups that uses double-layered to pressure victims to pay a withdrawal request and dump leaks from 50 groups that were previously at risk last month. Overall in November, the number of Pysa attacks increased by 50%, meaning that it passed Conti to the Lockbit into the two most common versions. Conti and Lockbit have been the main series since August, according to NCC Group.

Surprisingly, the Pysa releases data from targets weeks or months after trying to extend them. The big data spill followed after U.S. and EU law enforcement action against some members of the ravomware group REvil, which was behind the attack on IT vendor Kaseya.

Also known as Mespinoza, the Pysa gang seeks evidence of crime among targets for use as levers during typically multi-million dollar negotiations.

The FBI began monitoring Pysa's activity in March 2022 in ransomware attacks against government departments, institutions, private and healthcare. The organization often uses phishing methods for credentials to damage Remote Desktop Protocol (RDP) connections.

Pysa focuses on high-value financial, government and healthcare organizations, notes the NCC Group.

Across all ransomware groups, North American victims reached 154 during the month, 140 of which were U.S. groups, and 96 were European victims in November. The industrial sector was the biggest target in November while attacks on the tech sector fell by 38%.

READ  The Pixel Fold may not match the Pixel 6's camera, which is fine

NCC Group also features a Russian ransomware group called Everest Group that is pushing new frontiers in double extraction by not only threatening to release files but also hacking. giving their customers access to victims ’IT infrastructure. Instead of pursuing crushing, the group instead sold third-party access to the target network, creating a new way to monetize a target. If profitable, this could be a move next year, the NCC Group warns.

“In November, the organization offered paid access to its victims' IT infrastructure, as well as threatening to release stolen data if the victim refused to spy on spyware. pay, "he notes.

“While ransomware-as-a-service sales have seen a very popular increase over the past year, this is a rare example of an organization applying for cryptocurrency and offering access to infrastructure. IT - but we may see copcat attacks in 2022 and beyond. "

Related Posts

Deja una respuesta

Tu dirección de correo electrónico no será publicada.

Subir

We use cookies to ensure that we give the best user experience on our website. If you continue to use this site we will assume that you agree. More information